Change log for GCP_CLOUDSQL
| Date | Changes |
|---|---|
| 2025-08-20 | principal.namespace |
| 2025-08-11 | - `cloudsql.instances.query`: Added support for the event `cloudsql.instances.query` and its relevant corresponding raw log fields
`protoPayload.request.auditClass`, `protoPayload.request.databaseSessionId`, `protoPayload.request.auditType`, `protoPayload.request.statementId`, `protoPayload.request.substatementId`, `protoPayload.request.command`, `protoPayload.request.object`, `protoPayload.request.objectType`, `protoPayload.request.chunkCount`, `protoPayload.request.chunkIndex`, `protoPayload.request.statement`, `protoPayload.request.parameter`, `protoPayload.request.priv_user`, `protoPayload.request.host`, `protoPayload.request.errCode`, `protoPayload.request.objects.object_type`. - `target.process.command_line`: Removed mapping of `protoPayload.request.query` from `target.process.command_line` UDM field `target.resource.attribute.labels[query]`: Mapped `protoPayload.request.query` raw log field with `target.resource.attribute.labels[query]` UDM field - `about.labels[database_name]`: Removed mapping of `protoPayload.request.objects.db` from `about.labels[database_name]` UDM field `target.resource.attribute.labels[database_name]`: Mapped `protoPayload.request.objects.db` raw log field with `target.resource.attribute.labels[database_name]` UDM field - `about.labels[objects_name]`: Removed mapping of `protoPayload.request.objects.name` from `about.labels[objects_name]` UDM field `target.resource.attribute.labels[obj_name]`: Mapped `protoPayload.request.objects.name` raw log field with `target.resource.attribute.labels[obj_name]` UDM field |
| 2025-04-17 | - Modified the mapping of "metadata.event_type" to "USER_LOGIN" only when "resource_type" is "cloudsql_database" or "alloydb.googleapis.com/Instance", and "textPayload" contains "Logon" or "connection authorized".
|
| 2024-09-27 | - Mapped "labels._HOSTNAME" to "principal.hostname" and "principl.asset.hostname" for the sqlserver.err logs
- Mapped "textPayload" log field to "metadata.description" for the sqlserver.err logs - Extracted the user from the "textPayload" log field and mapped to "target.user.userid" for the sqlserver.err logs |
| 2024-09-05 | Enhancement:
- Mapped "resource.labels.cluster_id" to "target.resource.id". - Mapped "labels.CONSUMER_PROJECT" to "target.asset.attribute.cloud.project.id". - Mapped "event_type" to "USER_LOGIN" when "resource_type" is either "cloudsql_database" or "alloydb.googleapis.com/Instance". |
| 2024-07-19 | Added additional mappings for deprecated noun.labels. |
| 2024-06-13 | Enhancement:
- Added "gsub" to remove "\n" from the "textPayload" field. |
| 2024-05-15 | Enhancement:
- Added new Grok patterns to parse "textPayload" field. |
| 2023-11-29 | - Aligned "principal/target.hostname" and "principal/target.asset.hostname" mapping.
|
| 2023-11-01 | - Promoted the parser to default.
|